Every CVE whose affected-product data names Apache Fineract, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (20)
CVE-2024-23538 — CVSS 9.9 (critical): Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Fineract.This issue affects…
CVE-2018-11800 — CVSS 9.8 (critical): SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on the…
CVE-2018-11801 — CVSS 9.8 (critical): SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on a m_center…
CVE-2018-1290 — CVSS 9.8 (critical): In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, Using a single quotation escape with two…
CVE-2025-58130 — CVSS 9.1 (critical): Insufficiently Protected Credentials vulnerability in Apache Fineract. This issue affects Apache Fineract: through 1.11.0. The issue is…
CVE-2018-1289 — CVSS 8.8 (high): In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, the system exposes different REST end points to…
CVE-2022-44635 — CVSS 8.8 (high): Apache Fineract allowed an authenticated user to perform remote code execution due to a path traversal vulnerability in a file upload…
CVE-2024-32838 — CVSS 8.8 (high): SQL Injection vulnerability in various API endpoints - offices, dashboards, etc. Apache Fineract versions 1.9 and before have a…
CVE-2017-5663 — CVSS 8.8 (high): In Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and 0.6.0-incubating, an authenticated user with client/loan/center/staff/group read…
CVE-2024-23537 — CVSS 8.4 (high): Improper Privilege Management vulnerability in Apache Fineract.This issue affects Apache Fineract: <1.8.5. Users are recommended to upgrade…
CVE-2024-23539 — CVSS 8.3 (high): Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Fineract.This issue affects…
CVE-2025-58137 — CVSS 8.1 (high): Authorization Bypass Through User-Controlled Key vulnerability in Apache Fineract. This issue affects Apache Fineract: through 1.11.0. The…
CVE-2018-1291 — CVSS 8.1 (high): Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating exposes different REST end points to query domain specific…
CVE-2018-1292 — CVSS 8.1 (high): Within the 'getReportType' method in Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, a hacker could inject SQL…
CVE-2023-25195 — CVSS 8.1 (high): Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache Fineract. Authorized users with limited permissions…
CVE-2018-20243 — CVSS 7.5 (high): The implementation of POST with the username and password in the URL parameters exposed the credentials. More infomration is available in…
CVE-2020-17514 — CVSS 7.4 (high): Apache Fineract prior to 1.5.0 disables HTTPS hostname verification in ProcessorHelper in the configureClient method. Under typical…
CVE-2025-23408 — CVSS 6.5 (medium): Weak Password Requirements vulnerability in Apache Fineract. This issue affects Apache Fineract: through 1.10.1. The issue is fixed in…
CVE-2023-25197 — CVSS 6.3 (medium): Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation apache…
CVE-2023-25196 — CVSS 4.3 (medium): Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache…